Insider Threat in Healthcare: Tips Beyond Just HIPAA Compliance

Healthcare professionals need immediate access to patient data, but how can medical organizations help their employees save lives while keeping personal patient data secured?

Healthcare CISOs already know the reality they’re in – doctors and nurses use cloud services like Facebook and Dropbox, just like the rest of us. Typically, were any data breach to occur because of patient data shared within these applications, we’d assume it was done accidentally and not maliciously.

Human nature also plays a role when looking to understand how breaches happen. A Veriphyr healthcare survey from a few years back found that 35% of healthcare “insiders” had snooped into medical records of fellow employees, and 27% had accessed the medical records of family and friends. Imagine Taylor Swift being admitted to hospital one evening – can the hospital be 100% sure their employees won’t go snooping into her medical records out of curiosity – or with other ulterior motives?

At any rate, the intent doesn’t matter. The result is the same. The loss of protected health information (PHI), the financial and trust losses of the organization, and the public and private recovery from such a breach are now the only things on the horizon for the CISO.

Employees Cause Over 50% of Healthcare Breaches

Verizon recently published a whitepaper called Protected Health Information Data Breach Report for 2018, which all security and IT professionals working in healthcare should read in full. We’ll cover some of the major topics here for the sake of brevity.

The report found that 58% of incidents in healthcare involve employees. Note that the overall average across all industries is a (still-alarming) 27%. Unfortunately, the healthcare industry carries an honor all its own – it’s the only industry in which employees and internal contractors pose the biggest cybersecurity threat to the (Read more...)

*** This is a Security Bloggers Network syndicated blog from Cylance Blog authored by Sally Feller and Cylance Research and Intelligence Team. Read the original post at: https://threatvector.cylance.com/en_us/home/insider-threat-in-healthcare-tips-beyond-just-hipaa-compliance.html